Ysuzhangbin

#15259de 53,639
17.6CVSS total
Vulnerabilidades · 2
Alta
2
PT-2023-31230
8.8
2023-12-05
Jfinalcms · Jfinalcms · CVE-2023-49446
**Name of the Vulnerable Software and Affected Versions** JFinalCMS version 5.0.0 **Description** A Cross-Site Request Forgery (CSRF) issue was discovered in JFinalCMS. The vulnerability can be exploited via the "/admin/nav/save" API endpoint. **Recommendations** For JFinalCMS version 5.0.0, as a temporary workaround, consider restricting access to the "/admin/nav/save" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-31231
8.8
2023-12-05
Jfinalcms · Jfinalcms · CVE-2023-49447
**Name of the Vulnerable Software and Affected Versions** JFinalCMS version 5.0.0 **Description** A Cross-Site Request Forgery (CSRF) issue was discovered in JFinalCMS. The vulnerability can be exploited via the "/admin/nav/update" API endpoint. **Recommendations** For JFinalCMS version 5.0.0, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the "/admin/nav/update" endpoint until a patch is available.